It’s been three years since Google said it would offer end-to-end encryption in Gmail, but as we wait for something that’s unlikely to come, a Google Chrome extension can provide that capability and ensure that your messages are protected from hackers or other prying eyes.

The extension SecureGmail, an open source project posted in its entirety on GitHub, encrypts any messages you send in Gmail, so the body text of your email never hits Google’s servers. It also works for Google Apps users.

How it works: After you install the extension, if you already have Gmail open, refresh the page. You should now see a white lock next to the Compose button. When you click that button, a new compose window will pop up, but unlike the standard compose window, it will be labeled as secure. You can also still send unencrypted messages by hitting the regular Compose button instead.

Once you’ve written up your message, click the Send Encrypted button and you will be prompted to enter a password and an optional password hint. This password will also have to be shared with the recipient so they can open the message.

It would, of course, defeat the purpose to share that password by email or unencrypted online messengers. You can use an encrypted messaging service like Signal or WhatsApp instead. The password is key to the security of this message since SecureGmail uses symmetric encryption. Using a password generator is a good way to ensure you have chosen a strong password.

Note that if the recipient doesn’t have SecureGmail, they will be prompted to install it. This is necessary since SecureGmail itself provides the end-to-end encryption functionality, but it also means that anyone who doesn’t use Chrome (or who checks their email on the go on their phone) won’t be able to read your message.

Do you encrypt your emails? Let us know the service you prefer to use in the comments.

I encrypt with pgp. It's less user friendly, but still the best way to secure not just email, but any communication/documentation/files.
Sites like this need to encourage users to look into pgp, not half baked third party solutions, that work on a limited amount of applications (in this case 1)

Nancy is a writer and editor living in Washington DC. She was previously the Middle East editor at The Next Web and currently works at a DC-based think tank on communications and social media outreach.